@daloyjs/core 0.4.1 → 0.5.0

package/README.md

@@ -27,7 +27,7 @@ DaloyJS exists to be the framework you'd build if you took the best ideas from e
 | **Supply-chain-hardened installs and publishing** | [pnpm](https://pnpm.io/motivation) + hardened CI/CD | `ignore-scripts`, release-age cooldown, explicit build allowlist, SHA-pinned actions, isolated OIDC publish with provenance. |
 
 ```
-228/228 framework tests passing · 100% line + function coverage · clean strict TypeScript 6
+269/269 framework tests passing · 100% line + function coverage · clean strict TypeScript 6
 runs on Node, Bun, Deno, Cloudflare, Vercel
 ~12.3M static-route ops/sec · ~1.5M dynamic-route ops/sec on M-class CPU
 ```
@@ -77,7 +77,7 @@ verify-store-integrity=true
 provenance=true
 ```
 
-These defaults block transitive lifecycle scripts, wait 24 hours before resolving freshly published versions, verify the pnpm store, and require provenance on publish. The few dependencies that truly need install-time builds are allowlisted in `package.json` under `pnpm.onlyBuiltDependencies`.
+These defaults block transitive lifecycle scripts, wait 24 hours before resolving freshly published versions, verify the pnpm store, and require provenance on publish. The few dependencies that truly need install-time builds are allowlisted in `package.json` under `pnpm.onlyBuiltDependencies`, and CI runs `pnpm verify:lockfile` to reject git dependency sources and non-registry tarball URLs in `pnpm-lock.yaml`.
 
 Run `pnpm audit --prod` regularly (or `pnpm run audit` in this repo) — and `pnpm install --frozen-lockfile --ignore-scripts` in CI.
 
@@ -200,7 +200,7 @@ Mount at `/docs` and the UI is always contract-accurate — never stale.
 | **Method confusion** | Real **405** with `Allow` header, not a misleading 404. |
 | **CORS misconfig** | Explicit allowlist; never `*` with credentials. |
 | **Request correlation** | Cryptographic `randomId()` request ids on every response. |
-| **Supply chain** | pnpm `ignore-scripts=true`, `minimum-release-age=1440`, verified store, reproducible lockfile, provenance publishing, and CI/CD hardening against cache poisoning and OIDC token abuse. |
+| **Supply chain** | pnpm `ignore-scripts=true`, `minimum-release-age=1440`, verified store, reproducible lockfile, lockfile source verification, provenance publishing, and CI/CD hardening against cache poisoning and OIDC token abuse. |
 
 The publish pipeline is also hardened: no `pull_request_target`, no GitHub Actions cache in CI, top-level `permissions: {}`, `step-security/harden-runner`, a separate protected `release.yml` workflow, npm trusted publishing with `--provenance`, CodeQL, OpenSSF Scorecard, zizmor workflow linting, Dependabot, and CODEOWNERS on workflow/package files. See [SECURITY.md](SECURITY.md) and the [supply-chain security docs](https://daloyjs.dev/docs/security/supply-chain).
 
@@ -301,6 +301,7 @@ Full, versioned plan: [ROADMAP.md](./ROADMAP.md).
 - [x] Mock mode
 - [x] Scalar + Swagger UI handlers
 - [x] **pnpm-first distribution with hardened `.npmrc`**
+- [x] **Lockfile source verification for git/non-registry tarball dependencies**
 - [x] **100% line + function coverage** enforced by `pnpm coverage`
 
 **Current (`0.2.x` follow-up — see [ROADMAP.md](./ROADMAP.md) for the full plan):**
@@ -319,8 +320,14 @@ Full, versioned plan: [ROADMAP.md](./ROADMAP.md).
 - [ ] Release checklist and publishing docs cleanup
 
 **On deck (`0.3.x` and beyond):**
-Redis rate-limit store,
-CLI route and schema inspector, WebSockets, and HTTP/2 + HTTP/3 adapters.
+WebSockets and HTTP/2 + HTTP/3 adapters.
+
+**Shipped from `0.5.x` ("project ops") so far:**
+
+- [x] Bun and Deno scaffolder templates (`bun-basic`, `deno-basic`)
+- [x] `--minimal` flag that strips the bookstore demo and `/docs` + `/openapi.json` routes from any template
+- [x] `daloy inspect` CLI: route table, schema summary, contract-test gate, OpenAPI dump, tag/method filters
+- [x] Redis-backed `RateLimitStore` at `@daloyjs/core/rate-limit-redis` with `ioredisAdapter` / `nodeRedisAdapter` and a fail-open default for shared counters across replicas
 
 ## License
 

package/bin/daloy.mjs

@@ -0,0 +1,52 @@
+#!/usr/bin/env node
+/**
+ * `daloy` CLI shim. Real logic lives in `dist/cli.js` (`src/cli.ts`).
+ *
+ * For TypeScript entry files we try to register `tsx` if it's installed
+ * in the consumer project; otherwise we surface a friendly error pointing
+ * users at `node --import tsx`.
+ */
+
+import { pathToFileURL, fileURLToPath } from "node:url";
+import { resolve, dirname } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+import { runCli } from "../dist/cli.js";
+
+const PKG = JSON.parse(
+  readFileSync(resolve(dirname(fileURLToPath(import.meta.url)), "..", "package.json"), "utf8")
+);
+
+const TS_EXT = /\.(ts|tsx|mts|cts)$/i;
+
+let tsxRegistered = false;
+async function ensureTsxIfNeeded(specifier) {
+  if (!TS_EXT.test(specifier) || tsxRegistered) return;
+  try {
+    const api = await import("tsx/esm/api");
+    api.register();
+    tsxRegistered = true;
+  } catch {
+    throw new Error(
+      `Loading TypeScript entry "${specifier}" requires tsx. Install it ` +
+        `(\`pnpm add -D tsx\`) or run: node --import tsx ./node_modules/.bin/daloy inspect ${specifier}`
+    );
+  }
+}
+
+async function importEntry(specifier) {
+  const abs = resolve(process.cwd(), specifier);
+  if (!existsSync(abs)) {
+    throw new Error(`Entry file not found: ${abs}`);
+  }
+  await ensureTsxIfNeeded(abs);
+  return import(pathToFileURL(abs).href);
+}
+
+const result = await runCli(process.argv.slice(2), {
+  stdout: (chunk) => process.stdout.write(chunk),
+  stderr: (chunk) => process.stderr.write(chunk),
+  importEntry,
+  version: PKG.version,
+});
+
+process.exit(result.exitCode);

package/dist/cli.d.ts

@@ -0,0 +1,39 @@
+/**
+ * `daloy inspect` — CLI inspector.
+ *
+ * Loads a user's `App` instance from an entry file and prints its routes,
+ * schema summary, dead routes, missing operationIds, or the full OpenAPI
+ * 3.1 document.
+ *
+ * Pure logic lives in `runCli` so it can be unit-tested without spawning
+ * a child process. The thin shim in `bin/daloy.mjs` wires this up to
+ * `process.argv`, `process.stdout`, dynamic `import()`, and `process.exit`.
+ */
+export interface CliIO {
+    stdout: (chunk: string) => void;
+    stderr: (chunk: string) => void;
+    /** Resolve a user-provided entry specifier to a module to import. */
+    importEntry: (specifier: string) => Promise<unknown>;
+    /** Version string surfaced by `--version`. */
+    version: string;
+}
+export interface CliResult {
+    exitCode: number;
+}
+export interface CliOptions {
+    json: boolean;
+    check: boolean;
+    schemas: boolean;
+    openapi: boolean;
+    tag?: string;
+    method?: string;
+    entry?: string;
+    help: boolean;
+    version: boolean;
+}
+export declare function parseArgs(argv: readonly string[]): {
+    command: string;
+    opts: CliOptions;
+};
+export declare function runCli(argv: readonly string[], io: CliIO): Promise<CliResult>;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,MAAM,WAAW,KAAK;IACpB,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAChC,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAChC,qEAAqE;IACrE,WAAW,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACrD,8CAA8C;IAC9C,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB;AAkCD,wBAAgB,SAAS,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,UAAU,CAAA;CAAE,CAmDxF;AAUD,wBAAsB,MAAM,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,EAAE,EAAE,EAAE,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,CAyDnF"}

package/dist/cli.js

@@ -0,0 +1,257 @@
+/**
+ * `daloy inspect` — CLI inspector.
+ *
+ * Loads a user's `App` instance from an entry file and prints its routes,
+ * schema summary, dead routes, missing operationIds, or the full OpenAPI
+ * 3.1 document.
+ *
+ * Pure logic lives in `runCli` so it can be unit-tested without spawning
+ * a child process. The thin shim in `bin/daloy.mjs` wires this up to
+ * `process.argv`, `process.stdout`, dynamic `import()`, and `process.exit`.
+ */
+import { runContractTests } from "./contract.js";
+import { generateOpenAPI } from "./openapi.js";
+const HELP = `daloy — DaloyJS CLI
+
+Usage:
+  daloy <command> [options] [entry]
+
+Commands:
+  inspect [entry]        Load an App and print its routes (default command).
+
+Options:
+  --json                 Print machine-readable JSON instead of a table.
+  --check                Run the contract test suite; exit 1 on errors.
+  --schemas              Include per-route schema presence (body/query/...).
+  --openapi              Print the OpenAPI 3.1 document for the App.
+  --tag <tag>            Only show routes that declare this tag.
+  --method <method>      Only show routes for this HTTP method.
+  -h, --help             Show this help.
+  -v, --version          Print the @daloyjs/core version this CLI ships from.
+
+Entry:
+  A path to a JS or TS file that exports an App instance, either as the
+  default export or as a named export called "app". Defaults to
+  ./src/app.ts, then ./src/app.js, then ./app.ts, then ./app.js.
+
+Examples:
+  daloy inspect
+  daloy inspect --json src/server.ts
+  daloy inspect --check
+  daloy inspect --openapi > openapi.json
+`;
+const DEFAULT_ENTRIES = ["src/app.ts", "src/app.js", "app.ts", "app.js"];
+export function parseArgs(argv) {
+    const opts = {
+        json: false,
+        check: false,
+        schemas: false,
+        openapi: false,
+        help: false,
+        version: false,
+    };
+    let command = "inspect";
+    let i = argv[0] === "inspect" ? 1 : 0;
+    // Treat the first positional that isn't a known command as the entry.
+    if (argv[0] === "help") {
+        command = "help";
+        i = 1;
+    }
+    for (; i < argv.length; i++) {
+        const a = argv[i];
+        if (a === undefined)
+            continue;
+        switch (a) {
+            case "--json":
+                opts.json = true;
+                break;
+            case "--check":
+                opts.check = true;
+                break;
+            case "--schemas":
+                opts.schemas = true;
+                break;
+            case "--openapi":
+                opts.openapi = true;
+                break;
+            case "--tag":
+                opts.tag = readFlagValue(argv, ++i, "--tag");
+                break;
+            case "--method":
+                opts.method = readFlagValue(argv, ++i, "--method").toUpperCase();
+                break;
+            case "-h":
+            case "--help":
+                opts.help = true;
+                break;
+            case "-v":
+            case "--version":
+                opts.version = true;
+                break;
+            default:
+                if (a.startsWith("-")) {
+                    throw new Error(`Unknown flag: ${a}`);
+                }
+                opts.entry = a;
+        }
+    }
+    return { command, opts };
+}
+function readFlagValue(argv, index, flag) {
+    const value = argv[index];
+    if (!value || value.startsWith("-")) {
+        throw new Error(`${flag} requires a value`);
+    }
+    return value;
+}
+export async function runCli(argv, io) {
+    let parsed;
+    try {
+        parsed = parseArgs(argv);
+    }
+    catch (err) {
+        io.stderr(`${err.message}\n\n${HELP}`);
+        return { exitCode: 2 };
+    }
+    const { command, opts } = parsed;
+    if (opts.help || command === "help") {
+        io.stdout(HELP);
+        return { exitCode: 0 };
+    }
+    if (opts.version) {
+        io.stdout(`${io.version}\n`);
+        return { exitCode: 0 };
+    }
+    if (command !== "inspect") {
+        io.stderr(`Unknown command: ${command}\n\n${HELP}`);
+        return { exitCode: 2 };
+    }
+    let app;
+    try {
+        app = await loadApp(opts.entry, io);
+    }
+    catch (err) {
+        io.stderr(`${err.message}\n`);
+        return { exitCode: 1 };
+    }
+    if (opts.openapi) {
+        const doc = generateOpenAPI(app, {
+            info: { title: "App", version: "0.0.0" },
+        });
+        io.stdout(`${JSON.stringify(doc, null, opts.json ? 0 : 2)}\n`);
+        return { exitCode: 0 };
+    }
+    const all = app.introspect();
+    const routes = filterRoutes(all, opts);
+    const issues = opts.check ? await runContractTests(app) : undefined;
+    if (opts.json) {
+        const payload = { routes };
+        if (issues)
+            payload.contract = issues;
+        io.stdout(`${JSON.stringify(payload, null, 2)}\n`);
+        return { exitCode: issues && !issues.ok ? 1 : 0 };
+    }
+    io.stdout(formatTable(routes, opts.schemas));
+    if (issues) {
+        io.stdout(`\n${formatContract(issues)}`);
+        if (!issues.ok)
+            return { exitCode: 1 };
+    }
+    return { exitCode: 0 };
+}
+function filterRoutes(routes, opts) {
+    return routes.filter((r) => (!opts.method || r.method === opts.method) &&
+        (!opts.tag || Boolean(r.tags?.includes(opts.tag))));
+}
+function formatTable(routes, includeSchemas) {
+    if (routes.length === 0) {
+        return "No routes registered (or none matched the filter).\n";
+    }
+    const header = includeSchemas
+        ? ["METHOD", "PATH", "OPERATION ID", "B/Q/P/H", "RESPONSES", "TAGS"]
+        : ["METHOD", "PATH", "OPERATION ID", "RESPONSES", "TAGS"];
+    const rows = [header];
+    for (const r of routes) {
+        const opId = r.operationId ?? "-";
+        const tags = r.tags?.join(",") ?? "-";
+        const responses = r.responses.length === 0 ? "-" : r.responses.sort((a, b) => a - b).join(",");
+        if (includeSchemas) {
+            const flags = `${r.hasBody ? "B" : "-"}${r.hasQuery ? "Q" : "-"}${r.hasParams ? "P" : "-"}${r.hasHeaders ? "H" : "-"}`;
+            rows.push([r.method, r.path, opId, flags, responses, tags]);
+        }
+        else {
+            rows.push([r.method, r.path, opId, responses, tags]);
+        }
+    }
+    const widths = header.map((_, col) => Math.max(...rows.map((row) => (row[col] ?? "").length)));
+    const out = [];
+    for (let i = 0; i < rows.length; i++) {
+        const row = rows[i] ?? [];
+        const line = row.map((cell, col) => cell.padEnd(widths[col] ?? 0)).join("  ");
+        out.push(line.trimEnd());
+        if (i === 0)
+            out.push(widths.map((w) => "-".repeat(w)).join("  "));
+    }
+    out.push("");
+    out.push(`${routes.length} route${routes.length === 1 ? "" : "s"}.`);
+    return `${out.join("\n")}\n`;
+}
+function formatContract(report) {
+    const out = [];
+    const errors = report.issues.filter((i) => i.level === "error");
+    const warnings = report.issues.filter((i) => i.level === "warning");
+    out.push(`Contract checks: ${report.checked} route${report.checked === 1 ? "" : "s"} · ` +
+        `${errors.length} error${errors.length === 1 ? "" : "s"} · ` +
+        `${warnings.length} warning${warnings.length === 1 ? "" : "s"}`);
+    for (const issue of report.issues) {
+        out.push(`  [${issue.level}] ${issue.route}: ${issue.message}`);
+    }
+    if (report.ok)
+        out.push("OK.");
+    else
+        out.push("FAIL.");
+    return `${out.join("\n")}\n`;
+}
+async function loadApp(entry, io) {
+    const candidates = entry ? [entry] : DEFAULT_ENTRIES.slice();
+    let lastErr;
+    for (const candidate of candidates) {
+        try {
+            const mod = (await io.importEntry(candidate));
+            const app = pickApp(mod);
+            if (app)
+                return app;
+            lastErr = new Error(`Loaded "${candidate}" but it did not export an App instance ` +
+                `(expected default export or "app" named export).`);
+        }
+        catch (err) {
+            lastErr = err;
+        }
+    }
+    if (entry) {
+        throw new Error(`Could not load App from "${entry}": ${lastErr?.message ?? String(lastErr)}`);
+    }
+    throw new Error(`Could not find an App entry. Tried: ${DEFAULT_ENTRIES.join(", ")}.\n` +
+        `Pass an explicit path: daloy inspect ./path/to/app.ts`);
+}
+function pickApp(mod) {
+    for (const key of ["default", "app", "default_app"]) {
+        const candidate = mod[key];
+        if (isApp(candidate))
+            return candidate;
+    }
+    // Fallback: scan all named exports.
+    for (const value of Object.values(mod)) {
+        if (isApp(value))
+            return value;
+    }
+    return undefined;
+}
+function isApp(value) {
+    return (typeof value === "object" &&
+        value !== null &&
+        Array.isArray(value.routes) &&
+        typeof value.introspect === "function" &&
+        typeof value.fetch === "function");
+}
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AA2B/C,MAAM,IAAI,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4BZ,CAAC;AAEF,MAAM,eAAe,GAAa,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAEnF,MAAM,UAAU,SAAS,CAAC,IAAuB;IAC/C,MAAM,IAAI,GAAe;QACvB,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,KAAK;QACd,OAAO,EAAE,KAAK;QACd,IAAI,EAAE,KAAK;QACX,OAAO,EAAE,KAAK;KACf,CAAC;IACF,IAAI,OAAO,GAAG,SAAS,CAAC;IACxB,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,sEAAsE;IACtE,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QAAC,OAAO,GAAG,MAAM,CAAC;QAAC,CAAC,GAAG,CAAC,CAAC;IAAC,CAAC;IACpD,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,KAAK,SAAS;YAAE,SAAS;QAC9B,QAAQ,CAAC,EAAE,CAAC;YACV,KAAK,QAAQ;gBACX,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;gBACjB,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;gBAClB,MAAM;YACR,KAAK,WAAW;gBACd,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR,KAAK,WAAW;gBACd,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,GAAG,GAAG,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;gBAC7C,MAAM;YACR,KAAK,UAAU;gBACb,IAAI,CAAC,MAAM,GAAG,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;gBACjE,MAAM;YACR,KAAK,IAAI,CAAC;YACV,KAAK,QAAQ;gBACX,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;gBACjB,MAAM;YACR,KAAK,IAAI,CAAC;YACV,KAAK,WAAW;gBACd,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR;gBACE,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;gBACxC,CAAC;gBACD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,SAAS,aAAa,CAAC,IAAuB,EAAE,KAAa,EAAE,IAAY;IACzE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAuB,EAAE,EAAS;IAC7D,IAAI,MAAoC,CAAC;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,EAAE,CAAC,MAAM,CAAC,GAAI,GAAa,CAAC,OAAO,OAAO,IAAI,EAAE,CAAC,CAAC;QAClD,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC;IACD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;IACjC,IAAI,IAAI,CAAC,IAAI,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACpC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC;IACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC;IACD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,EAAE,CAAC,MAAM,CAAC,oBAAoB,OAAO,OAAO,IAAI,EAAE,CAAC,CAAC;QACpD,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC;IAED,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,EAAE,CAAC,MAAM,CAAC,GAAI,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC;IAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,GAAG,GAAG,eAAe,CAAC,GAAG,EAAE;YAC/B,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE;SACzC,CAAC,CAAC;QACH,EAAE,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC;IAED,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAEvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEpE,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,OAAO,GAA4B,EAAE,MAAM,EAAE,CAAC;QACpD,IAAI,MAAM;YAAE,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC;QACtC,EAAE,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,CAAC;IAED,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IAE7C,IAAI,MAAM,EAAE,CAAC;QACX,EAAE,CAAC,MAAM,CAAC,KAAK,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,CAAC,EAAE;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzC,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,YAAY,CAAC,MAA2B,EAAE,IAAgB;IACjE,OAAO,MAAM,CAAC,MAAM,CAClB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC;QAC1C,CAAC,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CACrD,CAAC;AACJ,CAAC;AACD,SAAS,WAAW,CAAC,MAA2B,EAAE,cAAuB;IACvE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,sDAAsD,CAAC;IAChE,CAAC;IACD,MAAM,MAAM,GAAG,cAAc;QAC3B,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,CAAC;QACpE,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAe,CAAC,MAAM,CAAC,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,IAAI,GAAG,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC;QACtC,MAAM,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/F,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACvH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/F,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,GAAG,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;IACrE,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AAC/B,CAAC;AAED,SAAS,cAAc,CAAC,MAAoD;IAC1E,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;IACpE,GAAG,CAAC,IAAI,CACN,oBAAoB,MAAM,CAAC,OAAO,SAAS,MAAM,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK;QAC7E,GAAG,MAAM,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK;QAC5D,GAAG,QAAQ,CAAC,MAAM,WAAW,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAClE,CAAC;IACF,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,GAAG,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,MAAM,CAAC,EAAE;QAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;;QAC1B,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvB,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AAC/B,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,KAAyB,EAAE,EAAS;IACzD,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;IAC7D,IAAI,OAAgB,CAAC;IACrB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,CAA4B,CAAC;YACzE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YACzB,IAAI,GAAG;gBAAE,OAAO,GAAG,CAAC;YACpB,OAAO,GAAG,IAAI,KAAK,CACjB,WAAW,SAAS,0CAA0C;gBAC5D,kDAAkD,CACrD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,GAAG,GAAG,CAAC;QAChB,CAAC;IACH,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CACb,4BAA4B,KAAK,MAAO,OAAiB,EAAE,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CACxF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CACb,uCAAuC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;QACpE,uDAAuD,CAC1D,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,GAA4B;IAC3C,KAAK,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC;QACpD,MAAM,SAAS,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,KAAK,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;IACzC,CAAC;IACD,oCAAoC;IACpC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,IAAI,KAAK,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACjC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,KAAK,CAAC,KAAc;IAC3B,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,KAAK,CAAC,OAAO,CAAE,KAA8B,CAAC,MAAM,CAAC;QACrD,OAAQ,KAAkC,CAAC,UAAU,KAAK,UAAU;QACpE,OAAQ,KAA6B,CAAC,KAAK,KAAK,UAAU,CAC3D,CAAC;AACJ,CAAC"}

package/dist/rate-limit-redis.d.ts

@@ -0,0 +1,101 @@
+/**
+ * Redis-backed {@link RateLimitStore} for {@link rateLimit}.
+ *
+ * The default in-process `MemoryStore` is per-instance and therefore unsafe
+ * behind more than one server replica. This store keeps the same token-bucket
+ * semantics (fixed window of `windowMs`) but stores the counter in Redis so
+ * every replica observes the same value.
+ *
+ * We avoid taking a hard dependency on any specific Redis client. Instead the
+ * store accepts a tiny {@link RedisCommands} contract: a single `eval`
+ * method. It also ships small adapters for the two most common clients
+ * ({@link ioredisAdapter}, {@link nodeRedisAdapter}). That keeps installs
+ * lightweight and means new clients can be plugged in with ~5 lines of glue
+ * code, which matches DaloyJS's "no magic, no global patching" rule.
+ *
+ * @example Using ioredis
+ * ```ts
+ * import IORedis from "ioredis";
+ * import { rateLimit } from "@daloyjs/core";
+ * import { redisRateLimitStore, ioredisAdapter } from "@daloyjs/core/rate-limit-redis";
+ *
+ * const redis = new IORedis(process.env.REDIS_URL!);
+ * app.use(rateLimit({
+ *   windowMs: 60_000,
+ *   max: 120,
+ *   store: redisRateLimitStore({ client: ioredisAdapter(redis) }),
+ * }));
+ * ```
+ *
+ * @example Using node-redis v4+
+ * ```ts
+ * import { createClient } from "redis";
+ * import { redisRateLimitStore, nodeRedisAdapter } from "@daloyjs/core/rate-limit-redis";
+ *
+ * const redis = createClient({ url: process.env.REDIS_URL });
+ * await redis.connect();
+ * app.use(rateLimit({
+ *   windowMs: 60_000,
+ *   max: 120,
+ *   store: redisRateLimitStore({ client: nodeRedisAdapter(redis) }),
+ * }));
+ * ```
+ */
+import type { RateLimitStore } from "./middleware.js";
+/**
+ * Minimal Redis transport contract used by {@link redisRateLimitStore}.
+ *
+ * `eval` must execute the supplied Lua script atomically on the server and
+ * return whatever Redis returns. Returning the array `[count, ttlMs]` is
+ * required by the bundled script.
+ */
+export interface RedisCommands {
+    eval(script: string, keys: string[], args: string[]): Promise<unknown>;
+}
+/** Options accepted by {@link redisRateLimitStore}. */
+export interface RedisRateLimitStoreOptions {
+    client: RedisCommands;
+    /**
+     * Optional namespace prefix for every Redis key. Defaults to `"daloy:rl:"`.
+     * Use a unique prefix per app/environment to avoid key collisions on a
+     * shared Redis.
+     */
+    prefix?: string;
+    /**
+    * Called when the underlying Redis call throws. The default behavior is
+    * fail-open, which allows the request and reports it as the first hit in a
+    * fresh local window. Override to fail-closed or to wire into your
+    * structured logger.
+     */
+    onError?: (err: unknown) => "fail-open" | "fail-closed";
+}
+/**
+ * Build a {@link RateLimitStore} that persists counters in Redis.
+ *
+ * The returned store is safe to share between requests and replicas. Errors
+ * from Redis are fail-open by default (see {@link RedisRateLimitStoreOptions.onError});
+ * pass a custom handler to fail-closed (return `"fail-closed"`).
+ */
+export declare function redisRateLimitStore(opts: RedisRateLimitStoreOptions): RateLimitStore;
+/**
+ * Shape of an `ioredis` client we care about. Only the `eval` overload that
+ * takes `(script, numKeys, ...keysAndArgs)` is used.
+ */
+export interface IoredisLike {
+    eval(script: string, numKeys: number, ...keysAndArgs: string[]): Promise<unknown>;
+}
+/** Wrap an [`ioredis`](https://github.com/redis/ioredis) client. */
+export declare function ioredisAdapter(client: IoredisLike): RedisCommands;
+/**
+ * Shape of a `node-redis` v4+ client we care about. The v4 `eval` takes an
+ * options object instead of variadic arguments.
+ */
+export interface NodeRedisLike {
+    eval(script: string, options: {
+        keys: string[];
+        arguments: string[];
+    }): Promise<unknown>;
+}
+/** Wrap a [`node-redis`](https://github.com/redis/node-redis) v4+ client. */
+export declare function nodeRedisAdapter(client: NodeRedisLike): RedisCommands;
+//# sourceMappingURL=rate-limit-redis.d.ts.map

package/dist/rate-limit-redis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limit-redis.d.ts","sourceRoot":"","sources":["../src/rate-limit-redis.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEtD;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACxE;AAED,uDAAuD;AACvD,MAAM,WAAW,0BAA0B;IACzC,MAAM,EAAE,aAAa,CAAC;IACtB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,WAAW,GAAG,aAAa,CAAC;CACzD;AA+BD;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,0BAA0B,GAAG,cAAc,CAoBpF;AAID;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACnF;AAED,oEAAoE;AACpE,wBAAgB,cAAc,CAAC,MAAM,EAAE,WAAW,GAAG,aAAa,CAMjE;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,CACF,MAAM,EAAE,MAAM,EACd,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAAC,SAAS,EAAE,MAAM,EAAE,CAAA;KAAE,GAC/C,OAAO,CAAC,OAAO,CAAC,CAAC;CACrB;AAED,6EAA6E;AAC7E,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,aAAa,GAAG,aAAa,CAMrE"}

package/dist/rate-limit-redis.js

@@ -0,0 +1,117 @@
+/**
+ * Redis-backed {@link RateLimitStore} for {@link rateLimit}.
+ *
+ * The default in-process `MemoryStore` is per-instance and therefore unsafe
+ * behind more than one server replica. This store keeps the same token-bucket
+ * semantics (fixed window of `windowMs`) but stores the counter in Redis so
+ * every replica observes the same value.
+ *
+ * We avoid taking a hard dependency on any specific Redis client. Instead the
+ * store accepts a tiny {@link RedisCommands} contract: a single `eval`
+ * method. It also ships small adapters for the two most common clients
+ * ({@link ioredisAdapter}, {@link nodeRedisAdapter}). That keeps installs
+ * lightweight and means new clients can be plugged in with ~5 lines of glue
+ * code, which matches DaloyJS's "no magic, no global patching" rule.
+ *
+ * @example Using ioredis
+ * ```ts
+ * import IORedis from "ioredis";
+ * import { rateLimit } from "@daloyjs/core";
+ * import { redisRateLimitStore, ioredisAdapter } from "@daloyjs/core/rate-limit-redis";
+ *
+ * const redis = new IORedis(process.env.REDIS_URL!);
+ * app.use(rateLimit({
+ *   windowMs: 60_000,
+ *   max: 120,
+ *   store: redisRateLimitStore({ client: ioredisAdapter(redis) }),
+ * }));
+ * ```
+ *
+ * @example Using node-redis v4+
+ * ```ts
+ * import { createClient } from "redis";
+ * import { redisRateLimitStore, nodeRedisAdapter } from "@daloyjs/core/rate-limit-redis";
+ *
+ * const redis = createClient({ url: process.env.REDIS_URL });
+ * await redis.connect();
+ * app.use(rateLimit({
+ *   windowMs: 60_000,
+ *   max: 120,
+ *   store: redisRateLimitStore({ client: nodeRedisAdapter(redis) }),
+ * }));
+ * ```
+ */
+/**
+ * Atomic INCR + PEXPIRE script.
+ *
+ * Returns `{count, ttlMs}` so the caller can compute `resetMs` without a
+ * second round trip. We set the TTL only on the very first INCR so a busy
+ * key keeps its original window and is not perpetually extended.
+ */
+const SCRIPT = `local current = redis.call('INCR', KEYS[1])
+if current == 1 then
+  redis.call('PEXPIRE', KEYS[1], ARGV[1])
+  return {current, tonumber(ARGV[1])}
+end
+local ttl = redis.call('PTTL', KEYS[1])
+if ttl < 0 then
+  redis.call('PEXPIRE', KEYS[1], ARGV[1])
+  ttl = tonumber(ARGV[1])
+end
+return {current, ttl}`;
+function toNumber(value) {
+    if (typeof value === "number")
+        return value;
+    if (typeof value === "bigint")
+        return Number(value);
+    if (typeof value === "string") {
+        const n = Number(value);
+        return Number.isFinite(n) ? n : 0;
+    }
+    return 0;
+}
+/**
+ * Build a {@link RateLimitStore} that persists counters in Redis.
+ *
+ * The returned store is safe to share between requests and replicas. Errors
+ * from Redis are fail-open by default (see {@link RedisRateLimitStoreOptions.onError});
+ * pass a custom handler to fail-closed (return `"fail-closed"`).
+ */
+export function redisRateLimitStore(opts) {
+    const prefix = opts.prefix ?? "daloy:rl:";
+    const onError = opts.onError;
+    return {
+        async hit(key, windowMs) {
+            const fullKey = prefix + key;
+            try {
+                const result = (await opts.client.eval(SCRIPT, [fullKey], [String(windowMs)]));
+                const count = toNumber(result?.[0]);
+                const ttl = toNumber(result?.[1]);
+                return { count, resetMs: Date.now() + ttl };
+            }
+            catch (err) {
+                const decision = onError ? onError(err) : "fail-open";
+                if (decision === "fail-closed")
+                    throw err;
+                return { count: 1, resetMs: Date.now() + windowMs };
+            }
+        },
+    };
+}
+/** Wrap an [`ioredis`](https://github.com/redis/ioredis) client. */
+export function ioredisAdapter(client) {
+    return {
+        eval(script, keys, args) {
+            return client.eval(script, keys.length, ...keys, ...args);
+        },
+    };
+}
+/** Wrap a [`node-redis`](https://github.com/redis/node-redis) v4+ client. */
+export function nodeRedisAdapter(client) {
+    return {
+        eval(script, keys, args) {
+            return client.eval(script, { keys, arguments: args });
+        },
+    };
+}
+//# sourceMappingURL=rate-limit-redis.js.map

package/dist/rate-limit-redis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limit-redis.js","sourceRoot":"","sources":["../src/rate-limit-redis.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAiCH;;;;;;GAMG;AACH,MAAM,MAAM,GAAG;;;;;;;;;;sBAUO,CAAC;AAEvB,SAAS,QAAQ,CAAC,KAAc;IAC9B,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACpD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAgC;IAClE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC7B,OAAO;QACL,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,QAAgB;YACrC,MAAM,OAAO,GAAG,MAAM,GAAG,GAAG,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAEvD,CAAC;gBACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpC,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;gBACtD,IAAI,QAAQ,KAAK,aAAa;oBAAE,MAAM,GAAG,CAAC;gBAC1C,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YACtD,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAYD,oEAAoE;AACpE,MAAM,UAAU,cAAc,CAAC,MAAmB;IAChD,OAAO;QACL,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI;YACrB,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;QAC5D,CAAC;KACF,CAAC;AACJ,CAAC;AAaD,6EAA6E;AAC7E,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,OAAO;QACL,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI;YACrB,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;KACF,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@daloyjs/core",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "DaloyJS is a runtime-portable, contract-first TypeScript web framework with built-in OpenAPI (Hey API), typed client generation, large-scale maintainability, and security-first defaults. Hono-grade portability, Elysia-grade DX, FastAPI-grade docs, Fastify-grade ops — distributed via pnpm.",
   "type": "module",
   "publishConfig": {
@@ -17,6 +17,9 @@
   "author": "DaloyJS",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
+  "bin": {
+    "daloy": "bin/daloy.mjs"
+  },
   "engines": {
     "node": ">=20.10.0",
     "pnpm": ">=9.0.0"
@@ -73,10 +76,19 @@
     "./multipart": {
       "types": "./dist/multipart.d.ts",
       "import": "./dist/multipart.js"
+    },
+    "./rate-limit-redis": {
+      "types": "./dist/rate-limit-redis.d.ts",
+      "import": "./dist/rate-limit-redis.js"
+    },
+    "./cli": {
+      "types": "./dist/cli.d.ts",
+      "import": "./dist/cli.js"
     }
   },
   "files": [
     "dist",
+    "bin",
     "README.md"
   ],
   "keywords": [
@@ -114,6 +126,7 @@
     "gen:openapi": "node --import tsx scripts/dump-openapi.ts",
     "gen:client": "openapi-ts",
     "gen": "pnpm gen:openapi && pnpm gen:client",
+    "verify:lockfile": "node --import tsx scripts/verify-lockfile-sources.ts",
     "audit": "pnpm audit --prod"
   }
 }